vshost32.exe

The executable vshost32.exe has been detected as malware by 3 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘ScdBcd’.
Version:
1.0.0.0

MD5:
000856cc90670c16f6d2c347eae25d6a

SHA-1:
797093dd90971e3eae02f5514a5053d9469bcfc1

SHA-256:
d1f9e121e6b1c04d4e93c3caa273a4ffae6efe36d22d5e212b0509ea4808e776

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
5/2/2024 10:29:11 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Trojan.MulDrop6.38915 | 9.0.1.05190
ESET NOD32 | MSIL/Agent.B virus | 6.3.12010.0
F-Secure | Win32.MaliGarnet.Gen | 5.16.24

File size:
461 KB (472,064 bytes)

Product version:
1.0.0.0

Original file name:
MainV.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\dibifu_9\vshost32.exe

File PE Metadata
Compilation timestamp:
5/1/2016 7:30:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x83DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 03, 00, 03, 00, 00, 00, 28, 00, 00, 80, 10, 00, 00, 00, C8, 00, 00, 80, 18, 00, 00, 00, E0, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 12, 00, 01, 00, 00, 00, F8, 00, 00, 80, 02, 00, 00, 00, 10, 01, 00, 80, 03, 00, 00, 00, 28, 01, 00, 80, 04, 00, 00, 00, 40, 01, 00, 80, 05, 00, 00, 00, 58, 01...
 

Entropy:
3.5518

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
25 KB (25,600 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ScdBcd

Command:
C:\users\{user}\appdata\roaming\dibifu_9\vshost32.exe

